Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/AuT9nlfLKJ1gIaVQjBN9Y0SEgi4.roa
File:                     AuT9nlfLKJ1gIaVQjBN9Y0SEgi4.roa (raw, json)
Hash identifier:          gzl+VGH+LhUpf0+hpq0htMH2Ue1zH66lXU2TNoTBN5Q=
Subject key identifier:   02:E4:FD:9E:57:CB:28:9D:60:21:A5:50:8C:13:7D:63:44:84:82:2E
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       01953D517286F5628AECCD7F9A3817371E2B
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/AuT9nlfLKJ1gIaVQjBN9Y0SEgi4.roa
Signing time:             Tue 25 Feb 2025 13:35:02 +0000
ROA not before:           Tue 25 Feb 2025 13:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        81.22.136.0/22 maxlen: 23
                          89.185.0.0/22 maxlen: 22
                          109.72.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3d:51:72:86:f5:62:8a:ec:cd:7f:9a:38:17:37:1e:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Feb 25 13:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02e4fd9e57cb289d6021a5508c137d634484822e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b1:45:04:73:79:6b:02:11:88:75:b8:17:c9:
                    65:87:b5:23:28:10:e0:78:29:1a:12:59:6d:45:a7:
                    0d:a6:ba:5b:06:b3:6a:25:e2:81:9f:eb:5a:b3:af:
                    2f:70:1e:cd:d4:1f:af:29:c2:da:99:03:26:34:e2:
                    ce:12:d2:bb:60:9a:59:a8:e8:93:75:1a:95:a0:f2:
                    75:4c:22:7f:e2:63:0d:aa:6d:46:9d:91:08:e4:21:
                    dd:80:a7:69:a9:28:32:3f:5f:ba:1e:49:08:cd:59:
                    da:71:3e:a0:f5:ff:0a:25:49:26:80:d1:d4:79:7d:
                    57:f7:d8:b2:0c:6c:e5:aa:3d:f8:9f:f1:33:d8:bc:
                    cf:15:69:11:53:50:99:5c:86:b8:d8:e6:17:2a:40:
                    03:a9:0e:97:b0:b5:fe:d5:51:31:ba:62:bd:21:fa:
                    2d:a1:e4:97:3b:a6:9f:1e:f2:2a:1e:07:85:8c:76:
                    d1:0f:dd:4f:14:a0:c5:c5:f1:48:0a:51:14:f5:60:
                    a8:7a:b8:1e:cb:42:15:ab:81:c7:ec:01:f9:cf:9c:
                    c1:bf:73:c2:70:b6:66:49:a8:0e:02:d7:5c:ce:5e:
                    68:f2:72:a9:a5:de:e9:45:ab:7e:36:cf:33:d6:9a:
                    98:80:3b:d2:a8:81:1d:d9:d0:6d:89:59:32:9b:06:
                    7b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E4:FD:9E:57:CB:28:9D:60:21:A5:50:8C:13:7D:63:44:84:82:2E
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/AuT9nlfLKJ1gIaVQjBN9Y0SEgi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.136.0/22
                  89.185.0.0/22
                  109.72.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:ff:f8:3b:e9:ce:87:fc:00:63:c3:65:8f:4b:7e:25:9f:24:
         55:19:7f:aa:1b:3a:df:62:2c:60:d9:40:06:56:f6:cf:3e:1b:
         96:97:23:fd:db:12:e7:73:73:9a:a6:b1:67:21:d9:b3:37:35:
         0d:ff:30:e4:12:92:72:dc:f4:68:5c:89:87:ba:b5:bd:e9:f3:
         42:1e:40:97:f0:66:98:09:a3:e7:e3:72:7a:cb:ab:de:8f:08:
         e7:d8:21:a5:86:78:58:13:ff:b9:0a:ca:5e:40:56:95:bb:43:
         36:66:51:ba:c0:70:5b:f1:4c:39:88:87:89:3e:dd:5d:6e:d2:
         27:50:4b:11:42:da:7f:1c:83:85:51:a5:bd:eb:e9:74:85:04:
         9b:88:c2:e9:23:61:0e:41:b6:37:74:61:13:70:27:13:48:c9:
         c1:c1:31:38:4e:4e:d6:c6:33:fc:5b:93:e8:47:6a:36:65:c9:
         a7:92:42:04:a0:cd:44:2f:9e:81:90:34:86:e4:bf:01:9d:1f:
         9a:3f:52:00:ea:33:5b:d8:25:7a:3d:a0:e5:cf:55:5a:8d:58:
         4f:10:ef:ac:ab:bf:25:e0:97:30:72:90:64:8c:d2:63:45:6a:
         2a:2b:f9:84:74:2a:28:d6:6c:ed:d0:04:c4:51:1d:68:37:53:
         8d:a4:04:45
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZU9UXKG9WKK7M1/mjgXNx4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMjI1MTMzNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmU0ZmQ5ZTU3Y2IyODlkNjAyMWE1NTA4YzEzN2Q2MzQ0ODQ4MjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7FFBHN5awIRiHW4F8llh7UjKBDg
eCkaElltRacNprpbBrNqJeKBn+tas68vcB7N1B+vKcLamQMmNOLOEtK7YJpZqOiT
dRqVoPJ1TCJ/4mMNqm1GnZEI5CHdgKdpqSgyP1+6HkkIzVnacT6g9f8KJUkmgNHU
eX1X99iyDGzlqj34n/Ez2LzPFWkRU1CZXIa42OYXKkADqQ6XsLX+1VExumK9Ifot
oeSXO6afHvIqHgeFjHbRD91PFKDFxfFIClEU9WCoergey0IVq4HH7AH5z5zBv3PC
cLZmSagOAtdczl5o8nKppd7pRat+Ns8z1pqYgDvSqIEd2dBtiVkymwZ7YwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFALk/Z5XyyidYCGlUIwTfWNEhIIuMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvQXVUOW5sZkxLSjFnSWFWUWpCTjlZMFNFZ2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCURaIAwQC
WbkAAwQCbUh0MA0GCSqGSIb3DQEBCwUAA4IBAQAc//g76c6H/ABjw2WPS34lnyRV
GX+qGzrfYixg2UAGVvbPPhuWlyP92xLnc3OaprFnIdmzNzUN/zDkEpJy3PRoXImH
urW96fNCHkCX8GaYCaPn43J6y6vejwjn2CGlhnhYE/+5CspeQFaVu0M2ZlG6wHBb
8Uw5iIeJPt1dbtInUEsRQtp/HIOFUaW96+l0hQSbiMLpI2EOQbY3dGETcCcTSMnB
wTE4Tk7WxjP8W5PoR2o2ZcmnkkIEoM1EL56BkDSG5L8BnR+aP1IA6jNb2CV6PaDl
z1VajVhPEO+sq78l4JcwcpBkjNJjRWoqK/mEdCoo1mzt0ATEUR1oN1ONpARF
-----END CERTIFICATE-----